Archive for November 2005

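del.icio.us adds a tag rolls feature

I saw that del.icio.us has added tag rolls. Che Dong's aggregation page actually had this feature already, built using this site (my page). I just couldn't find a JS output there. The tag rolls that del.icio.us itself provides do offer JS output. My del.icio.us tag rolls are as follows: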

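Moved all my blogbus posts over here

Today I moved all my posts from blogbus over here, and from now on I plan to update only this blog. Previously I wanted to publish FreeBSD-related technical articles on blogbus and use this one for non-technical posts, but it now looks like that works out worse; rather than maintaining two, it is better to concentrate on maintaining one well :)

PS: blogbus does have a backup feature, though, so I think it will be fine to use it as a backup in the future.

How to test PHP

Create a new test.php in the Apache document directory with the following content: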

phpinfo ();
?>

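Then enter http://your url/test.php; if the PHP information is shown, PHP has been installed successfully.

Update 20051114: Diaoxian left me a comment saying I had left something out; I took a look, and something really was missing. The correct version is: (thanks, Diaoxian)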

<?
phpinfo();

?>

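"telnetd: All network ports in use" when connecting via telnet

Yesterday, after installing FreeBSD 5.4, I found that logging in via telnet produced "telnetd: All network ports in use". I searched for information and guessed it was a kernel problem, so I looked through the options that were commented out (the ones with a #) in the kernel configuration and found that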

#device pty # Pseudo-ttys (telnet etc)

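had been commented out. Looking it up, it turns out that pty is "a virtual terminal".

So I simply removed the #, recompiled the kernel and restarted the server. Connecting with telnet again, everything worked normally.

Installing squid on FreeBSD 5.4 requires perl

Today I rebuilt the systems on three proxy servers, switching FreeBSD to 5.4STABLE, but when I got to installing squid it said perl had to be installed first. I never ran into this when installing 4.X-STABLE, so I immediately searched for information and found that FreeBSD 4.x installs perl by default, but starting with 5.x perl was removed, so you have to install it yourself.

To speed things up, first download perl-5.6.2.tar.gz from http://www.cpan.org/authors/id/R/RG/RGARCIA/, copy it into /usr/ports/distfiles, and then: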

# cd /usr/ports/lang/perl5
# make install

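After the installation completes, go on to install squid.

Notes on setting up packet filtering, forwarding and a DHCP server with ipfilter + ipnat on FreeBSD 5.4

Setting up this server lets clients on the internal network reach the Internet directly without any network configuration of their own.
Network information:
Subnet -> 192.168.61.0/24
xl0 -> internal NIC 192.168.61.254 (DHCP NIC)
em0 -> external NIC 218.104.52.x/32

I. Install FreeBSD 4.11STABLE

From http://www.freebsd.org/releases/4.11R/announce.html choose an FTP server to download from, then burn the image to a CD. Next, install from the CD. A few of my choices:

1. When selecting packages, choose the minimal installation.
2. When editing inetd.conf, enable the ftp and telnet services.

Everything else uses the default installation; for details see <http://www.freebsd.org.cn/snap/doc/zh_CN.GB2312/books/handbook/install-start.html>. After installation, reboot the machine.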

II. Configure FreeBSD

1. Configure /etc/rc.conf:

hostname="gateway_bake.jscpu.com"
defaultrouter="218.104.52.x"
ifconfig_em0="inet 218.104.52.x netmask 255.255.255.248"
ifconfig_xl0="inet 192.168.61.254 netmask 255.255.255.0"

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.conf"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"
gateway_enable="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"

2. Configure /etc/resolv.conf:

domain jscpu.com
nameserver 218.104.48.106
nameserver 221.6.4.66

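3. Put the CD in the drive and install ports and src

# /stand/sysinstall
Then choose Configure->Distributions, use the space bar to select the two items src and ports, and choose install. Reboot the machine after the installation completes.

III. Configure the kernel

# cd /usr/src/sys/i386/conf
# cp GENERIC funpower
# ee funpower

The kernel configuration file is as follows: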

#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ./LINT configuration file. If you are
# in doubt as to the purpose or necessity of a line, check first in LINT.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.62.2.1 2005/01/14 03:07:39 scottl Exp $

machine i386
#cpu I386_CPU
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
ident funpower
maxusers 0

#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols

options MATH_EMULATE #Support for x87 emulation
options INET #InterNETworking
#options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options MFS #Memory Filesystem
options MD_ROOT #MD is a potential root device
options NFS #Network Filesystem
options NFS_ROOT #NFS usable as root device, NFS required
options MSDOSFS #MSDOS Filesystem
options CD9660 #ISO 9660 Filesystem
options CD9660_ROOT #CD-ROM usable as root, CD9660 required
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.

# To make an SMP kernel, the next two are needed
#options SMP # Symmetric MultiProcessor Kernel
#options APIC_IO # Symmetric (APIC) I/O

options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK

device isa
device eisa
device pci

# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
device fd1 at fdc0 drive 1
#
# If you have a Toshiba Libretto with its Y-E Data PCMCIA floppy,
# don't use the above line for fdc0 but the following one:
#device fdc0

# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering

# SCSI Controllers
#device ahb # EISA AHA1742 family
#device ahc # AHA2940 and onboard AIC7xxx devices
#device ahd # AHA39320/29320 and onboard AIC79xx devices
#device amd # AMD 53C974 (Tekram DC-390(T))
#device isp # Qlogic family
#device mpt # LSI-Logic MPT/Fusion
#device ncr # NCR/Symbios Logic
#device sym # NCR/Symbios Logic (newer chipsets)
#options SYM_SETUP_LP_PROBE_MAP=0x40
# Allow ncr to attach legacy NCR devices when
# both sym and ncr are configured

device adv0 at isa?
device adw
device bt0 at isa?
device aha0 at isa?
device aic0 at isa?#

device ncv # NCR 53C500
device nsp # Workbit Ninja SCSI-3
device stg # TMC 18C30/18C50

# SCSI peripherals
device scbus # SCSI bus (required)
#device da # Direct Access (disks)
#device sa # Sequential Access (tape etc)
#device cd # CD
#device pass # Passthrough device (direct SCSI access)

# RAID controllers interfaced to the SCSI subsystem
#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
#device dpt # DPT Smartcache - See LINT for options!
#device iir # Intel Integrated RAID
#device mly # Mylex AcceleRAID/eXtremeRAID
#device ciss # Compaq SmartRAID 5* series
#device twa # 3ware 9000 series PATA/SATA RAID

# RAID controllers
#device aac # Adaptec FSA RAID, Dell PERC2/PERC3
device aacp # SCSI passthrough for aac (requires CAM)
#device ida # Compaq Smart RAID
#device ips # IBM/Adaptec ServeRAID
#device amr # AMI MegaRAID
#device mlx # Mylex DAC960 family
#device pst # Promise Supertrak SX6000
#device twe # 3ware Escalade

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12

device vga0 at isa?

# splash screen/screen saver
pseudo-device splash

# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100

# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa?
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std

device agp # support several AGP chipsets

# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
device apm0 at nexus? disable flags 0x20 # Advanced Power Management

# PCCARD (PCMCIA) support
#device card
#device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
#device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable

# Serial (COM) ports
#device sio0 at isa? port IO_COM1 flags 0x10 irq 4
#device sio1 at isa? port IO_COM2 irq 3
#device sio2 at isa? disable port IO_COM3 irq 5
#device sio3 at isa? disable port IO_COM4 irq 9

# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da

# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x ("Tulip")
device em # Intel PRO/1000 adapter Gigabit Ethernet Card ("Wiseman")
device txp # 3Com 3cR990 ("Typhoon")
device vx # 3Com 3c590, 3c595 ("Vortex")

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
#device dc # DEC/Intel 21143 and various workalikes
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device pcn # AMD Am79C97x PCI 10/100 NICs
#device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 ("Starfire")
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 "EPIC")
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
device xl # 3Com 3c90x ("Boomerang", "Cyclone")
#device bge # Broadcom BCM570x ("Tigon III")

# ISA Ethernet NICs.
# 'device ed' requires 'device miibus'
device ed0 at isa? disable port 0x280 irq 10 iomem 0xd8000
device ex
device ep
device fe0 at isa? disable port 0x300
# Xircom Ethernet
device xe
# PRISM I IEEE 802.11b wireless NIC.
device awi
# WaveLAN/IEEE 802.11 wireless NICs. Note: the WaveLAN/IEEE really
# exists only as a PCMCIA device, so there is no ISA attachment needed
# and resources will always be dynamically assigned by the pccard code.
device wi
# Aironet 4500/4800 802.11 wireless NICs. Note: the declaration below will
# work for PCMCIA and PCI cards, as well as ISA cards set to ISA PnP
# mode (the factory default). If you set the switches on your ISA
# card for a manually chosen I/O address and IRQ, you must specify
# those parameters here.
device an
# The probe order of these is presently determined by i386/isa/isa_compat.c.
device ie0 at isa? disable port 0x300 irq 10 iomem 0xd0000
#device le0 at isa? disable port 0x300 irq 5 iomem 0xd0000
device lnc0 at isa? disable port 0x280 irq 10 drq 0
device cs0 at isa? disable port 0x300
device sn0 at isa? disable port 0x300 irq 10

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
#pseudo-device sl 1 # Kernel SLIP
#pseudo-device ppp 1 # Kernel PPP
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
#pseudo-device gif # IPv6 and IPv4 tunneling
#pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter

# USB support
#device uhci # UHCI PCI->USB interface
#device ohci # OHCI PCI->USB interface
device usb # USB Bus (required)
#device ugen # Generic
#device uhid # "Human Interface Devices"
#device ukbd # Keyboard
#device ulpt # Printer
#device umass # Disks/Mass storage – Requires scbus and da
#device ums # Mouse
#device uscanner # Scanners
#device urio # Diamond Rio MP3 Player
# USB Ethernet, requires mii
#device aue # ADMtek USB ethernet
#device axe # ASIX Electronics USB ethernet
#device cue # CATC USB ethernet
#device kue # Kawasaki LSI USB ethernet

# FireWire support
device firewire # FireWire bus code
device sbp # SCSI over FireWire (Requires scbus and da)
device fwe # Ethernet over FireWire (non-standard!)

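After editing funpower, compile and install the kernel:
#/usr/sbin/config funpower
#cd ../../compile/funpower
#make depend
#make
#make install

After compiling and installing, reboot the machine.

IV. Configure the packet filtering (ipfilter) and packet forwarding (ipnat) services

1. Edit /etc/ipf.conf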

block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr

pass out on xl0 all
pass in on xl0 all
pass out quick on lo0 all
pass in quick on lo0 all

block out on em0 all

block out log on em0 from any to 192.168.0.0/16
block out log quick on em0 from any to 0.0.0.0/8
block out log quick on em0 from any to 169.254.0.0/16
block out log quick on em0 from any to 10.0.0.0/8
block out log quick on em0 from any to 172.16.0.0/12
block out log quick on em0 from any to 127.0.0.0/8
block out log quick on em0 from any to 192.0.2.0/24
block out log quick on em0 from any to 204.152.64.0/23
block out log quick on em0 from any to 224.0.0.0/3

pass in quick on em0 proto tcp from any to 218.104.52.x port = 22 flags S keep state
pass in quick on em0 proto tcp from any to 218.104.52.x port = 23 flags S keep state
pass out log on em0 proto tcp/udp from any to any keep state
pass out log on em0 proto icmp all keep state

block in log on em0 from 192.168.0.0/16 to any
block in log quick on em0 from 10.0.0.0/8 to any
block in log quick on em0 from 172.16.0.0/12 to any
block in log quick on em0 from 127.0.0.0/8 to any
block in log quick on em0 from 192.0.2.0/24 to any
block in log quick on em0 from 169.254.0.0/16 to any
block in log quick on em0 from 224.0.0.0/3 to any
block in log quick on em0 from 204.152.64.0/23 to any

pass in quick on em0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on em0 proto tcp from any to any port = ftp flags S/SA keep state
pass in quick on em0 proto tcp from any to any port = ftp-data flags S/SA keep state
pass in quick on em0 proto tcp from any to any port 30000 >< 50001 flags S/SA keep state

block in quick on em0 all

block in log quick on em0 proto icmp from any to any icmp-type redir
block in log quick on em0 proto icmp from any to any
block in log quick on em0 proto icmp from any to any icmp-type echo

block return-rst in log on em0 proto tcp from any to any flags S/SA
block return-icmp(net-unr) in log on em0 proto udp from any to any
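
How ipf evaluates the rule file above, as an added example that is not part of the original post: ipf applies the last matching rule unless a rule carries quick, so the non-quick block to 192.168.0.0/16 is overridden by the later pass out rule, and nothing after block in quick on em0 all is ever consulted. The evaluator is a simplified model (TCP flags and state are ignored), and the rule subset and packet addresses are constructed for illustration.

```python
import ipaddress

# Constructed subset of the /etc/ipf.conf rules above, kept in file order.
RULES = """\
block out on em0 all
block out log on em0 from any to 192.168.0.0/16
block out log quick on em0 from any to 10.0.0.0/8
pass out log on em0 proto tcp/udp from any to any keep state
pass in quick on em0 proto tcp from any to any port = 80 flags S/SA keep state
block in quick on em0 all
block return-rst in log on em0 proto tcp from any to any flags S/SA
""".splitlines()

def parse(line):
    """Parse only the part of the ipf grammar these rules use (flags/state ignored)."""
    t = line.split()
    after = lambda kw: t[t.index(kw) + 1]
    rule = {"text": line, "action": t[0], "quick": "quick" in t,
            "dir": "in" if "in" in t else "out", "iface": after("on"),
            "protos": set(after("proto").split("/")) if "proto" in t else None,
            "src": None, "dst": None, "port": None}
    if "from" in t:
        for key, kw in (("src", "from"), ("dst", "to")):
            if after(kw) != "any":
                rule[key] = ipaddress.ip_network(after(kw))
    if "port" in t:
        rule["port"] = int(t[t.index("port") + 2])  # only the "port = N" form
    return rule

def matches(rule, pkt):
    nets_ok = all(rule[k] is None or ipaddress.ip_address(pkt[k]) in rule[k]
                  for k in ("src", "dst"))
    return (nets_ok and (rule["dir"], rule["iface"]) == (pkt["dir"], pkt["iface"])
            and (rule["protos"] is None or pkt["proto"] in rule["protos"])
            and rule["port"] in (None, pkt["dport"]))

def decide(pkt, rules=RULES):
    """Return (action, deciding rule): the last match wins, 'quick' stops the search."""
    verdict = ("block", "no rule matched: IPFILTER_DEFAULT_BLOCK")
    for rule in map(parse, rules):
        if matches(rule, pkt):
            verdict = (rule["action"], rule["text"])
            if rule["quick"]:
                break
    return verdict

def packet(direction, dst, dport, proto="tcp", src="198.51.100.7"):
    """A new connection's first packet on em0; all addresses are constructed."""
    return {"dir": direction, "iface": "em0", "proto": proto,
            "src": src, "dst": dst, "dport": dport}

if __name__ == "__main__":
    for p in (packet("out", "192.168.5.5", 80), packet("out", "10.1.2.3", 80),
              packet("in", "203.0.113.1", 8080)):
        print(p["dir"], p["dst"], p["dport"], "->", *decide(p))
```

Adding quick to a block rule, or moving it after the pass rules it is meant to override, changes the verdict for the first packet shown.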

2. Edit /etc/ipnat.conf

# The FTP proxy rule must come first: ipnat uses the first matching map rule
map em0 192.168.61.0/24 -> 218.104.52.x/32 proxy port ftp ftp/tcp
map em0 192.168.61.0/24 -> 218.104.52.x/32 portmap tcp/udp 20000:39999
map em0 192.168.61.0/24 -> 218.104.52.x/32
map xl0 192.168.61.0/24 -> 218.104.52.x/32

V. Configure the DHCP service

1. Install isc-dhcp3-server from ports

Before installing, first from http://ftp.bestcom.ru/FreeBSD/ports/distfiles/

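Resetting a forgotten root password on FreeBSD 4.x

When "boot … 9 seconds" is displayed, press any key
Enter: boot -s

Then do the following:
# mount /
# mount /usr
# cd /usr/bin
# passwd root
Enter the new root password

A few ipnat management and inspection commands

To reload the NAT rules, you can use a command like the following:
# ipnat -CF -f /etc/ipnat.rules

To see the NAT statistics for your system, use the following command:
# ipnat -s

List the current NAT table mappings
# ipnat -l

To display verbose information, including rule processing and the current rules/table entries:
# ipnat -v

Clear the ipnat settings
# ipnat -C

Monitor traffic
# ipfstat

Installation notes for lilina-0.7, an online RSS reader and aggregator

Download the latest lilina release, lilina-0.7.tar.gz, from http://prdownloads.sourceforge.net/lilina/lilina-0.7.tar.gz?download, and download php-4.3.9.tar.gz and apache_1.3.33.tar.gz from http://cn2.php.net/get/php-4.3.9.tar.gz/from/a/mirror and http://apache.justdn.org/httpd/, then use ftp to put the three files on the server (/funpower)

1. Install Apache and PHP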

#tar zxvf apache_1.3.33.tar.gz
#tar zxvf php-4.3.9.tar.gz
#cd apache_1.3.33
#./configure --prefix=/usr/local/apache
#cd ../php-4.3.9
#./configure --with-apache=../apache_1.3.33 --with-mysql --disable-debug --enable-track-vars
#make
#make install
#cp php.ini-dist /usr/local/lib
#cd /usr/local/lib
#mv php.ini-dist php.ini
#cd /funpower/apache_1.3.33
#./configure --prefix=/usr/local/apache --activate-module=src/modules/php4/libphp4.a
#make
#make install

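Configure /usr/local/apache/conf/httpd.conf
Add:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
and change the following items:
Servername funpower_info.3322.org
DirectoryIndex index.php

Add Apache to the startup items:

#ee /etc/rc.local
Add the following line:
/usr/local/apache/bin/apachectl start

Restart the server, create a new test.php under /usr/local/apache/htdocs with the content , then enter http://yourdomain.com/test.php; if you can see the php-4.3.9 information, Apache and PHP have been installed successfully.

2. Install lilina-0.7

Delete everything under /usr/local/apache/htdocs, copy all the contents of the lilina0.7 folder there, and make the following changes: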

#chmod 777 cache
#chmod 777 .myfeeds.data
#chown -R nobody:nobody htdocs

Configure the conf.php file with the following content:

<?php
$BASEURL = 'http://lilina.sourceforge.net' ; // no trailing slash!
$USERNAME = 'funpower' ; // change to your own
$PASSWORD = '123456789' ; // change to your own
$SITETITLE = "funpower blog" ; // change to your own
$OWNERNAME = "guanjianfeng" ; // change to your own
$OWNEREMAIL = "guanjianfeng@jscpu.com" ; // change to your own

$DATAFILE = './.myfeeds.data' ; // do not change
$TIMEFILE = './.time.data' ; // do not change

$GOOGLE_KEY = '' ; // Use your Google WEB APIs key here. For info visit http://www.google.com/apis/

/*
IMPORTANT NOTE! Setting ENABLE_DELICIOUS to 1 will make lilina poll del.icio.us for tags.
THIS MAY RESULT TO DEL.ICIO.US BANNING YOUR IP!!!
Until del.icio.us officially allows such use, it is better to leave this to 0.
*/
$ENABLE_DELICIOUS = 0 ;

/*
Default cache expiration is set to 1 hour.
This can be overridden by loading index.php?force_update=1
*/
define('MAGPIE_CACHE_AGE',60 * 60);
?>

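Save and exit. Restart the server and open the home page, and you will see the lilina-0.7 page; go into the admin interface and you can subscribe to the RSS feeds you like 🙂

Reference article
http://www.douzhe.com/article/data/2/649.html

Update 20051113: Installing lilina, continued: changing the number of days shown on the home page

By default lilina's home page shows one day of content. In index.php, change:

$TIMERANGE = ( $_REQUEST['hours'] ? $_REQUEST['hours']*3600 : 3600*24 ) ;

to

$TIMERANGE = ( $_REQUEST['hours'] ? $_REQUEST['hours']*3600 : 3600*168 ) ;

This way one week (24*7=168) of content is shown.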

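Installation notes for socks5-v1.0r11.tar.gz

Update 2005-10-21: in socks5.conf, changed permit u - 172.16.0 - - - to permit u - 172.16.0. - - -

========================================

Author: Lao Guan email: funpower@gmail.com

Search for and download socks5-v1.0r11.tar.gz via the Peking University Tianwang search, then put it into /home/funpower on the server via ftp and start the installation:

1. Extract, compile and install socks5

# tar xvzf socks5-v1.0r11.tar.gz
# cd socks5-v1.0r11
# ./configure
# make
# make install

2. Configure socks5.conf and socks5.passwd

# ee /etc/socks5.conf
Add the following content:
auth - - u
permit u - 172.16.0. - - -
set SOCKS5_NOIDENT
set SOCKS5_V4SUPPORT
set SOCKS5_PWDFILE /etc/socks5.passwd

# ee /etc/socks5.passwd
Add the following content:
user password

3. Set it to start together with the system

#ee /etc/rc.local
Add the following content:
/usr/local/bin/socks5

Restart the server.

Reference articles (they explain some of the parameters in great detail):

Configuring and implementing SOCKS v5 on Linux
Socks5 proxy server installation and configuration files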